RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
servers:nginx:lets_encrypt [2024/07/25 23:34] – [Prerequisites] Sean Rhoneservers:nginx:lets_encrypt [2024/08/13 16:47] (current) – removed Sean Rhone
Line 1: Line 1:
-====== Information ====== 
- 
-  * Let's Encrypt ((https://letsencrypt.org)) 
-  * Certbot ((https://certbot.eff.org)) 
-  * [[Information:Realm of Espionage]] 
- 
-===== Prerequisites ===== 
- 
-  * [[distros:fedora_server|Fedora Server]] 
-  * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx then port 443/tcp likely needs to be opened and pre/post-hooks/service restarting changed)) 
- 
-====== Dependencies ====== 
- 
-**** 
- 
-  sudo dnf install 'certbot' 
- 
-====== Settings ====== 
- 
-  *  :!: Be sure to change the email address 
-  * :!: Any new domains added need to be added to Namecheap as well 
-  * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018)) 
- 
-  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini' 
- 
-<code> 
-verbose = true 
-text = true 
-non-interactive = true 
-standalone = true 
-force-renewal = true 
-agree-tos = true 
- 
-########## 
-#CHANGEME# 
-########## 
- 
-email = espionage724@x 
- 
-########## 
-#CHANGEME# 
-########## 
- 
-no-eff-email = true 
- 
-rsa-key-size = 4096 
-redirect = true 
-hsts = true 
-uir = true 
-staple-ocsp = true 
- 
-pre-hook = systemctl stop 'nginx' 
-post-hook = systemctl start 'nginx' 
- 
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz 
- 
-# End</code> 
- 
-====== Obtain Certs ====== 
- 
-  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet)) 
- 
-  sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run 
- 
-====== Automatic Cert Renewal ====== 
- 
-===== Disable Existing ===== 
- 
-**** 
- 
-  sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer' 
- 
-===== Service ===== 
- 
-  sudo -e '/etc/systemd/system/certbot-renew-custom.service' 
- 
-<code> 
-[Service] 
-Type=oneshot 
-ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet 
-ExecStartPost='/usr/bin/sync' 
- 
-# End</code> 
- 
-===== Timer ===== 
- 
-  sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now 
- 
-<code> 
-[Unit] 
-Description=Let's Encrypt Certificate Renewal 
-After=network-online.target 
-Wants=network-online.target 
- 
-[Timer] 
-OnCalendar=weekly 
-Persistent=true 
- 
-[Install] 
-WantedBy=multi-user.target 
- 
-# End</code> 
  
/srv/www/wiki/data/attic/servers/nginx/lets_encrypt.1721964898.txt.gz · Last modified: by Sean Rhone